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,1, Description of «B. - w(C, C) = C^. * ^^"^ " 

on page 37 (line 18 on page 58 in English text) of the 
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,2) Description of -according to claim, wherein," Irne 
3 Of Claim 27 on page 81 .page 128 in English text, of the claims 
is amended to - according to claim 25, wherein. — 
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Here, m is a natural niomber and m > 1 . 



The secret data C on the client computer 10 side and the 
secret data S of on the server computer 40 side are transmitted 
to the other, and as explained in the following, the secret data 
changes every time of information giving/receiving, in other 
words, as to the secret data C transmitted from the client 
computer 10 to the server computer 40, at the transmission 
timing above, new secret data C is generated by a predefined 
function y/S, R) , and then it is transmitted. The function y 
maybe a simple addition, polynomial equation with a coefficient 
added, multiplication, s\am of products and hash function, as 
a way of example. Similarly, when a transmission is made from 
the server computer 40 to the client computer 10, the secret 
data S is generated by a predefined function zCC, Q) and it is 
transmitted. The function z may be a simple addition, 
polynomial equation with a coefficient added, multiplication, 
sum of products and hash function, as a way of example. An 
example of the function y and the function z will be shown in 
the following. 

C„ = y(S, R) = + iVi . 

S« = z ( C, 0) = C„ + Q„.i 

Here, m is a natural number and m ^ 1. 



In addition, it may be possible to conceal the secret 



transmission, in order to make difficult for a third party to 
specify the secret data. For example, the secret data C 
transmitted from the client computer 10 to the server computer 
40 and the secret data S transmitted from the server computer 
40 to. the client computer 10 may be concealed by the private 
key K. in other words, it is possible to use a function to which 
the private key K is added as a parameter. 

(Detailed process) 

Fig. 4 is a conceptual illustration showing a detailed 
process in the mutual authentication according to the first 
enO^odiment of the present invention. The detailed process of 
the present embodiment will be explained with reference to Fig. 

4. . 
Step PO: 

in each of the client computer 10 and the server computer 
40, a private key as initial value is stored. This process 
corresponds to step 100 of Fig. 3, and processes PcO and PsO 
of Fiig. 4. 

Step PI: , 

in the client computer 10, a random number R is generated, 
secret data C and authentication data A are computed and 
transmitted to the server computer 40. 
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a step in which said first device generates, as the third 
onetime ID, a function value of one-way function in which said 
first random number, said second random number, and said shared 
key are used as argxoments, and transmits the third onetime ID 
to said second device; and 

a step in which said second device generates by 
computation said third onetime ID based on said first random 
number, said second random number and said shared key, and 
determines validity of said first device by comparing a result 
of the computation and said third onetime ID received from said 
first device. 

26. The authentication method according to claim 24, 
wherein, 

said first random number and said second random number 
are transmitted in a state as being encrypted by a shared key 
previously shared between said first device and said second 
device . 

27. The authentication method according to claim 25, 
wherein, 

said first random. number, and said second random number 
are transmitted in a state as being encrypted by a shared key 
previously shared between said first device and said second 
device . 




28- The authentication method according to any one of 
claims 24 to 26, wherein, 

in the step where said second device transmits to said 
first device said second onetime ID and said second random 
number, said second device has, as an initial random number, 
a random number shared between the second device and said first 
device, and carries out a predefined computation in which the 
initial random number and said first random number are used as 
arguments, and transmits a result of the computation to said 
first device, and said first device uses said result of the 
computation received from said second device as a material for 
determining validity of said second device, together with said 
second onetime ID. 

29. The authentication method according to claim 24, 
wherein, 

in the step where said first device transmits said third 
onetime ID to said second device, said first device carries out 
a predefined computation in which said first random number and 
said second random number are used as arguments, and transmits 
a result of the computation to said second device, and said 
second device uses said result of the computation received from 
said first device as a material for determining validity of said 
first device, together with said third onetime ID. 

30. The authentication method according to claim 25, 
wherein. 




in the step where said first device transmits said third 
onetime ID to said second device, said first device carries out 
a predefined computation in which said first random number and 
said second random number are used as arguments. 



